920 matches found
CVE-2024-54291
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through = 0.9.10...
CVE-2025-26559
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...
CVE-2025-26537
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rolomak GDPR Tools gdpr-tools allows Stored XSS.This issue affects GDPR Tools: from n/a through = 1.0.2...
CVE-2025-25134
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through = 1.6.3...
CVE-2025-23728
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through = 1.1.5...
CVE-2025-23460
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS.This issue affects RWS Enquiry And Lead Follow-up: from n/a through = 1.0...
CVE-2025-23666
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cxc-sawa Management-screen-droptiles cxc-sawa allows Reflected XSS.This issue affects Management-screen-droptiles: from n/a through = 1.0...
CVE-2025-28903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through = 1.4.4...
CVE-2025-28916
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion.This issue affects Docpro: from n/a through = 2.0.1...
CVE-2025-28934
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through = 2.4.4...
CVE-2025-28880
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jotis Blue Captcha blue-captcha allows Reflected XSS.This issue affects Blue Captcha: from n/a through = 1.7.4...
CVE-2025-28899
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through = 1.3.4...
CVE-2025-28855
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through = 1.2.4...
CVE-2025-28873
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection.This issue affects Shuffle: from n/a through = 0.5...
CVE-2025-28869
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shauno NextGEN Gallery Voting nextgen-gallery-voting allows Reflected XSS.This issue affects NextGEN Gallery Voting: from n/a through = 2.7.6...
CVE-2025-28924
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through = 1.8...
CVE-2025-28889
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in starblank Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce allows Reflected XSS.This issue affects Custom Product Stickers for Woocommerce: from n/a through = 1.9.0...
CVE-2025-28898
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through = 2.5.2...
CVE-2025-28890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS.This issue affects Lightview Plus: from n/a through = 3.1.3...
CVE-2025-28939
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through = 2.1...